I have a new risk management online course soon to be posted at the Risk and Insurance Management Society (RIMS – New York) professional education web page. It is called Managing IT Risk and Cyber Threats – What Risk Professionals Need to Know. The content was created by IT professional Michael Fong. Risk managers often struggle with how to approach and work with the IT department, which, after all, has its own methods and frameworks, a specialized vocabulary, and a distinct view of risk. This course aims to give risk managers the grounding they need to understand and help build the IT risk management framework.

Several years ago, Michael and I worked together in the area of electronic service delivery for government. I approached him last year with the idea for this course, and I was thrilled when he agreed to take on the job. We put together a pilot survey to learn the requirements among IT-focused risk managers, and subsequently had long discussions in coffee shops, sorting out how the two disciplines of IT and risk management should best be integrated.

The course makes the IT risk management process comprehensible, because it shows well-defined contexts within which to identify risk associated with information technology and information management.

MODULE 1: The first part focuses on understanding the relationship between the IT framework; i.e., the enterprise architecture (there are several types), and the risk management regime. Also within module 1 is a discussion of IT lifecycles.

MODULE 2: The next section treats cyber risks themselves, and helps you understand their attributes.

MODULE 3: This looks at risks that originate from within the organization.

MODULE 4: Michael discusses the hot topic of the risks of social media, and does a fine-grained analysis of the problems that Facebook, Twitter, and the like pose to the organization.

MODULE 5: The last module addresses the selection of commercial cyber insurance to cover residual risk. Specific advice on loss control and cooperation between IT and risk management personnel is threaded into the discussion.

In support of narrated slide presentations, Michael presents pdf downloads of transcripts, diagrams to help the participant apply the concepts in the workplace, as well as self-tests and supplementary reading. His understanding of and passion for the material comes through.